Tuesday, June 16, 2009

Financial Services Have Lost Battle Over PII (Personally Identifiable Information)

Can Financial Institutions win the war?  Yes...If they arm their users with "weapons of mass phishduction."  PII is out...but PIN is SAFE at Home.
 
NEEDHAM, Mass., June 16 /PRNewswire/ -- A new research report by TowerGroup declares that the financial services industry has lost the battle to protect consumers' personally identifiable information (PII) data. TowerGroup's George Tubin points out that in light of the loss or theft of hundreds of millions of data records containing PII, the financial services industry must consider the ramifications of past, present and future data losses.

The report indicates that despite significant US media attention, increased state legislative demands, negative customer reaction and substantial costs associated with consumer data loss, millions of customer data records continue to be lost or stolen every month.


Financial institutions must now assume that all of their clients' and prospects' personal information has been compromised or will be. Over 100 data breach incidents containing millions of data records were reported in just the first four months of 2009.

Recent instances include hackers accessing a Federal Aviation Administration system and the theft of laptops from the Dezonia Group. Compromised PII has a crippling impact on businesses and consumers.

"While greater access to customer data is key for businesses to improve customer relationship management and business processes, there will always be repercussions, including the possibility of personal data landing in the hands of the wrong parties," said George Tubin, Senior Research Director for Financial Information Security at TowerGroup. "However, while the battle to protect data has been lost so far, TowerGroup firmly believes that the war can be won."

TowerGroup recommends the following guidelines for financial services institutions to curb the use of compromised PII to commit financial fraud:

  • Assume that traditional account information such as a client or prospect's name, social security number, address, telephone number, date of birth and account balance are useless as authentication factors. Instead, consider using knowledge-based authentication and one-time passwords delivered via Short Messaging Service (SMS). Editor's Note: How about a 2FA (two-factor-authentication) device enabling users to swipe their card (something they have) and enter their PIN (something they know) mirroring ATM use access?
  • Implement an integrated, cross-channel fraud prevention strategy that detects and diagnoses possible use of fraudulently obtained PII in real time and across all business practices.
  • Continually evaluate and evolve fraud prevention approaches because smart fraudsters constantly change their means and tactics for breaking security systems and stealing data.

TowerGroup recommends that, concurrently, government regulators implement meaningful data breach prevention requirements and penalties that compel businesses to actually protect data. Until legislative and regulatory bodies implement these penalties, data loss incidents will persist and worsen. Highly effective and usable data loss prevention practices and technologies are readily available to all businesses but are grossly underutilized.

The TowerGroup Research Note titled "Protecting Personal Information: We Lost the Battle, Can We Win the War?" is available to members of the press for review. To request a copy or to arrange an interview with Mr. Tubin, please contact Lisette Kwong at 212-642-7753 or lisette.kwong@edelman.com.

The research report may also be purchased online at the TowerGroup Store via credit card by using this link: http://store.towergroup.com/index.asp?PageAction=VIEWPROD&ProdID=656.

About TowerGroup: TowerGroup is the leading research and advisory services firm focused exclusively on the financial services industry. A respected source for trusted information and advice, TowerGroup brings many of the world's leading financial institutions, technology companies, and professional services firms a deeper understanding of the business and technology issues impacting their organizations. Headquartered near Boston in Needham, Massachusetts, and with offices in North America and Europe, TowerGroup serves a global client base.

Visit www.towergroup.com for more information.

Contact:
Lisette Kwong
Edelman for TowerGroup
lisette.kwong@edelman.com
212-642-7753

SOURCE TowerGroup

